Editor’s Word 


Tomorrow, June 1, 2018 marks a special day in Poland. It is Children’s Day, which is celebrated in 86 
countries worldwide at different times of the year. As we dedicate our time and energy to our little ones, 
I hope that the day adds more bliss and joyfulness to your life. Happy Children's Day!




Dear Readers, 


Let’s see what we have in this issue. For FreeBSD and NetBSD fans, we have two practical articles for
you: one written by Abdorrahman Homaei and the second one by David Carlier. The first article,
Practical ZFS On FreeBSD, will show you how amazing ZFS is. You will learn about ZFS design goals,
how to enable ZFS on FreeBSD, and how to create your first ZFS Pool. You will also read about RaidZ,
Snapshot and Rollback, and about Zpool Status. Additionally, you will learn how to share ZFS with NFS
and how to monitor ZFS storage. The second article is about LLVM and Sanitizers. Don’t feel left out if
you are using a BSD OS other than FreeBSD. This article will cover NetBSD, too. You will learn that
LLVM provides the frontends and various tools, and the different types of sanitizers to help you with
debugging applications. Moreover, we have published the first module of the Device Driver
Development so I highly encourage you to enroll in this course and learn more from Rafael, the course
instructor. For our Self Exposure section, Joel Carnat, an amazing blog creator, discusses how to
monitor OpenBSD using Grafana, InfluxDB, and CollectD packages. Lastly, does our data lie safely with
large Social Media corporations, and is data privacy a call for concern? Find the answer to these and
more as you internalize Rob’s column. Can corporations take steps to combat Unconscious Bias while
interpreting such data? E.G. Nadhan expands on this in Expert Speak.


See you next time, and enjoy the issue! 
Ewa & The BSD Team 


P.S. Send me an email at ewa@bsdmag.org if you would like more information or would like to share 
your thoughts. 


Table of Contents 


In Brief 


In Brief 

Ewa & The BSD Team
This column presents the latest coverage of breaking news, events, product releases, and trending 
topics from the BSD sector. 

Practical ZFS On FreeBSD
Abdorrahman Homaei

ZFS is an advanced file system that was originally developed by Sun. It combines the roles of volume
manager and file system to realize unique advantages. ZFS is aware of the underlying structure of the
disks. It can detect low-level interrupts and provide a RAID mechanism. ZFS is also capable of sharing
its volumes separately. ZFS’s awareness of the physical layout of the disks lets you grow your storage
without any hassle. Additionally, it has different properties that can be applied to each file system,
which makes creating a number of different file systems and datasets more advantageous than a single
monolithic file system.

LLVM and Sanitizers in BSD
David Carlier

LLVM and the clang frontend are available on various BSDs, as the main compiler for FreeBSD x86, ppc,
and arm since 10.x (it was fully optional in the previous 9.x branch), OpenBSD x86 and arm since 6.2,
and NetBSD x86, arm, ppc, and sparc64. LLVM provides the frontends and various tools, and there are
different types of sanitizers to help with debugging applications.

C Programming, UNIX and Main Data Structures
Rafael Santiago de Souza Netto 

Nowadays, UNIX stands more as a model for an operating system to follow than as an operating 
system implementation. In the beginning, UNIX as a software was originally written at Bell Labs by two 
famous developers, Kenneth Thompson and Dennis Ritchie. 


Self Exposure 


Monitoring OpenBSD using CollectD, InfluxDB, and Grafana
Joel Carnat
www.tumfatig.net

In a “get pretty graphs” mood, I’m looking at what can be done regarding OpenBSD monitoring using
the CollectD collector and Grafana dashboard renderer. OpenBSD 6.2-current provides InfluxDB and
Grafana packages, a great stack for pretty reportings.


Expert Speak by E.G. Nadhan 


From Unconscious Bias to Unbiased Consciousness
E.G. Nadhan 

A member of the audience attending a panel session 
on Unconscious Bias accidentally referred to the 
topic as Unbiased Consciousness. Perhaps, it was no 
accident and was a sublime message instead about 
the world to come — a world where we are 
consciously unbiased rather than being 
unconsciously biased. However, this utopian world 
can become real only if proactive actions are taken to 
combat such mindsets that may not be in our control. 


Column 


With Facebook attempting to slam the privacy 
stable door well after the horse has bolted, the 
corporate giant has suspended over 200 
applications which snarfed large amounts of 
profile data. What does the future hold for this 
global platform?
Rob Somerville 

I have a certain degree of sympathy for Mark
Zuckerberg after being hauled before Congress in 
light of the Cambridge Analytica fiasco. Inevitably, 
any cutting-edge technology will eventually feel the 
hot breath of the establishment breathing down on it, 
be it via indirect legislation or as in the case of Mark 
Zuckerberg, in a personal appearance before “the 
powers that be” to give account. 

In Brief


Visualizing ZFS Performance 


Many tools exist to understand ZFS performance challenges and opportunities, but a single table by 
renowned performance engineer Brendan Gregg will teach you to visualize the relationship between 
each tier of storage devices when architecting your TrueNAS or FreeNAS system. 


Brendan Gregg worked closely with the ZFS Team at Sun Microsystems and later wrote the definitive 
book on Unix systems performance, Systems Performance. In the book, Brendan examines dozens of 
powerful performance analysis tools from top(1) to DTrace and plots his results with flame graphs to 
help establish baseline performance and pinpoint anomalies. I can’t recommend the book enough and
want to talk about a single chart in it that you might overlook. In the “Example Time Scale of System 
Latencies” on page 20, Brendan maps the latency of one CPU cycle to one second of time, and 
continues this mapping down through 14 more example elements of the computing stack. The resulting 
relative time scale ranges from one second for a CPU cycle to 32 millennia for a server to reboot. The 
four essential points in Brendan’s scale for ZFS administrators are: 


SSD Storage Access Two to Six Days 
Rotational Disk Access One to Twelve Months 


This deceptively simple chart provides the majority of what you need to understand ZFS performance 
challenges and opportunities. Newer flash-based storage devices like the NVDIMM and NVMe devices 
found in the new TrueNAS M-Series bridge the gap between SSDs and system RAM but the distinct
performance tiers remain the same. Let’s break them down: 


One CPU Cycle 


A CPU cycle is the one fixed point of reference for the performance of any given system, and most 
TrueNAS and FreeNAS systems maintain a surplus of CPU power. The operating system and services 
are the obvious primary consumers of this resource, but a ZFS-based storage system makes effective 
use of CPU resources in less obvious ways: checksumming, compressing, decompressing, and
encrypting data. The data integrity guarantee made by ZFS is only possible thanks to a modern CPU’s
ability to calculate and validate data block checksums on the fly, a luxury not available on previous
generations of systems. The CPU is also used for continuously compressing and decompressing data,
reducing the burden on storage devices and yielding a performance gain.


Encryption performed by the CPU typically takes the form of SSH for network transfers or on-disk data 
block encryption. Faster SSH encryption improves network performance during replication transfers 
while data encryption can place an equal, if not greater burden on the storage system than 
compression. In all cases, CPU-based acceleration of compression, decompression, and encryption 
allows storage devices to perform at their best thanks to the optimization of the data provided to them. 


Main RAM Access 


Like the CPU, computer memory is not only used by the operating system and services, but it also 
provides a volatile form of storage that plays a key role in ZFS performance. Computer RAM is 
considered volatile because its contents are lost when the computer is switched off. While RAM 
performs slower than the CPU, it is also faster than all forms of persistent storage. ZFS uses RAM for 
its Adaptive Replacement Cache (ARC), which is essentially an intelligent read cache. Any data residing 
in the ARC, and thus RAM, is available faster than any persistent storage device can provide, at any
cost. While ZFS is famous for aggressively using RAM, it is doing so for a good reason. Investing in 
RAM can be the greatest investment you can make for read performance. 


SSD Storage Access 


Sitting squarely between RAM and spinning disks in terms of performance are SSDs, now joined by the
yet-faster NVMe cards and memory-class devices like NVDIMMs. Flash-based devices introduce 
persistent storage but generally pale in comparison to RAM for raw speed. With these stark differences 
in performance come stark differences in capacity and price, enlightening us to the fact that a 
high-performance yet cost-competitive storage stack is a compromise made of several types of 
storage devices. This has been termed “hybrid” storage by the industry. In practice, SSDs are the only 
practical foundation for an “all-flash array” for the majority of users and, like the ARC, they can also 
supplement slower storage devices. An SSD or NVMe card is often used for a ZFS separate log device, 
or SLOG, to boost the performance of synchronized writes, such as over NFS or with a database. The 
result is “all-flash” write performance and the data is quickly offloaded to spinning disks to take 
advantage of their capacity. Because this offloading takes place every five seconds by default, a little 
bit of SLOG storage goes a long way. 


On the read side, a level two ARC, or L2ARC, is typically an SSD or NVMe-based read cache that can
easily be larger than computer memory of the same price. Serving data from a flash device will clearly
be faster than from a spinning disk, but slower than from RAM. Note that using an L2ARC does not
mean you cut back on your computer memory too dramatically because the L2ARC index along with
various ZFS metadata are still kept in RAM.


Rotational Disk Access 


Finally, we reach the spinning disk. While high in capacity, disks are astonishingly slow in performance 
when compared to persistent and volatile flash and RAM-based storage. It is tempting to scoff at the 
relative performance of hard disks, but their low cost per terabyte guarantees their role as the heavy
lifters of the storage industry for the foreseeable future. Stanley Kubrick’s HAL 9000 computer in the
movie 2001 correctly predicted that the future of storage is a bunch of adjacent chips, but we are a 
long way from that era. Understanding the relative performance of RAM, flash, and rotating disks will 
help you choose the right storage components for your ZFS storage array. The highly-knowledgeable 
sales team at iXsystems is here to help you quickly turn all of this theory into a budget for the storage 
system you need. 


Michael Dexter 


Senior Analyst 


Source: https://www.ixsystems.com/blog/ 


BSDCan - The BSD Conference 


BSDCan, a BSD conference held in Ottawa, Canada, quickly established itself as the technical 
conference for people working on and with 4.4BSD based operating systems and related projects. The 
organizers have found a fantastic formula that appeals to a wide range of people from extreme novices 
to advanced developers. 

Tutorials: 6-7 June 2018 (Wed/Thu) 

Conference: 8-9 June 2018 (Fri/Sat) 

Location 

University of Ottawa, in the DMS (Desmarais) building. 


Source: https://www.bsdcan.org/2018/ 


EuroBSDcon 2018 


University Politehnica of Bucharest, Bucharest, Romania 

20 - 23 September, 2018 

EuroBSDcon is the European annual technical conference gathering users and developers working on 
and with 4.4BSD (Berkeley Software Distribution) based operating systems family and related projects. 
EuroBSDcon gives the exceptional opportunity to learn about latest news from the BSD world, witness 
contemporary deployment case studies, and meet personally other users and companies using BSD 
oriented technologies. EuroBSDcon is also a boilerplate for ideas, discussions and information 
exchange, which often turn into programming projects. The conference has always attracted active 
programmers, administrators and aspiring students, as well as IT companies at large, which found the 
conference a convenient and quality training option for its staff. We firmly believe that high profile 
education is vital to the future of technology, and hence greatly welcome students and young people to
this regular meeting. 


Source: https://2018.eurobsdcon.org/ 


pfSense 2.4.3-RELEASE-p1 and 2.3.5-RELEASE-p2 Available


pfSense® software versions 2.4.3-p1 and 2.3.5-p2 have been released and are now available for upgrades!
pfSense software versions 2.4.3-p1 and 2.3.5-p2 are maintenance releases bringing security patches
and stability fixes for issues present in the pfSense 2.4.3 and 2.3.5-p1 releases.

This release includes several important security patches, including the issues discussed last week:

- FreeBSD Security Advisory for CVE-2018-8897: FreeBSD-SA-18:06.debugreg
- FreeBSD Errata Notice for CVE-2018-6920 and CVE-2018-6921: FreeBSD-EN-18:05.mem
- Fixed a potential LFI in pkg_mgr_install.php #8485 pfSense-SA-18_04.webgui
- Fixed a potential XSS in pkg_mgr_install.php #8486 pfSense-SA-18_05.webgui
- Fixed a potential XSS vector in RRD error output encoding #8269 pfSense-SA-18_01.packages
- Fixed a potential XSS vector in diag_system_activity.php output encoding #8300 pfSense-SA-18_02.webgui
- Changed sshd to use delayed compression #8245
- Added encoding for firewall schedule range descriptions #8259


Aside from security updates, the new versions include a handful of beneficial bug fixes for various 
minor issues. 


Upgrading to pfSense 2.3.5-RELEASE-p2 


Updating from an earlier pfSense 2.3.x release to pfSense 2.3.5-p2 on an amd64 installation that could 
otherwise use pfSense 2.4.x requires configuring the firewall to stay on pfSense 2.3.x releases as 
follows: 


- Navigate to System > Update, Update Settings tab
- Set Branch to Legacy stable version (Security / Errata Only 2.3.x)
- Navigate back to the Update tab to see the latest pfSense 2.3.x update

The same change is required to see pfSense 2.3.x packages for users staying on pfSense 2.3.x. 
Firewalls running 32-bit (i386) installations of pfSense software do not need to take any special actions 
to remain on 2.3.x as they are unable to run later versions. 


Update Troubleshooting 


If the update system offers an upgrade to pfSense but the upgrade does not proceed, ensure that the
firewall is set to the correct update branch as mentioned above. If the firewall is on the correct branch,
refresh the repository configuration and upgrade script by running the following commands from
the console or shell:

pkg-static clean -ay; pkg-static install -fy pkg pfSense-repo pfSense-upgrade 

In some cases, the repository information may need to be rewritten. This can be accomplished by 
switching to a development branch, checking for updates, and then switching back to the appropriate 
branch and checking for updates again. 


Reporting Issues 


This release is ready for production use. Should any issues come up with pfSense 2.4.3-RELEASE-p1
or 2.3.5-RELEASE-p2, please post about them on the forum, the mailing list, or on the /r/pfSense
subreddit.


Source:
https://www.netgate.com/blog/pfsense-2-4-3-release-p1-and-2-3-5-release-p2-now-available.html

ZFS Design Goals
How to Create First ZFS Pool
RaidZ, Snapshot, and Rollback
Zpool Status
Hot Spares
Share ZFS With NFS
Monitoring ZFS Storage


What Is ZFS? 


ZFS is an advanced file system that was originally developed by Sun. It combines the roles of
volume manager and file system to realize unique advantages. ZFS is aware of the underlying
structure of the disks, can detect low-level interrupts, and provides a RAID mechanism. ZFS is
also capable of sharing its volumes separately. ZFS's awareness of the physical layout of the
disks lets you grow your storage without any hassle. ZFS also has a number of different
properties that can be applied to each file system, which makes creating a number of different
file systems and datasets more advantageous than a single monolithic file system.


Lately, ZFS development has moved to the 
OpenZFS Project. 


ZFS Design Goals 


ZFS has three major design goals: 


- Data integrity: All data includes a checksum of the data. When data is written, the checksum
  is calculated and written along with it. When that data is later read back, the checksum is
  calculated again. If the checksums do not match, a data error has been detected. ZFS will
  attempt to automatically correct errors when data redundancy is available.

- Pooled storage: Physical storage devices are added to a pool, and storage space is allocated
  from that shared pool. Space is available to all file systems and can be increased by adding
  new storage devices to the pool.

- Performance: Multiple caching mechanisms provide increased performance. ARC is an advanced
  memory-based read cache. A second level of disk-based read cache can be added with L2ARC,
  and a disk-based synchronous write cache is available with ZIL.
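
The data-integrity goal above, as an added example that is not code from the article or from ZFS: a toy two-way mirror in C that stores a Fletcher-4 checksum (one of the checksum algorithms ZFS offers) on write, verifies every copy on read, and rewrites a copy that fails verification from one that passes. The mirror layout, block size and all names are constructed for illustration.

```c
/* Added example: checksum on write, verify on read, repair from a redundant
 * copy. The two-way mirror, block size and names are constructed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK_WORDS 16                /* constructed block: 16 x 32-bit words */
#define NCOPIES     2                 /* two-way mirror */

typedef struct { uint64_t w[4]; } cksum_t;

/* Fletcher-4: four running 64-bit sums over the block's 32-bit words. */
static cksum_t fletcher4(const uint32_t *buf, size_t nwords)
{
    uint64_t a = 0, b = 0, c = 0, d = 0;

    for (size_t i = 0; i < nwords; i++) {
        a += buf[i];
        b += a;
        c += b;
        d += c;
    }
    return (cksum_t){ { a, b, c, d } };
}

typedef struct {
    uint32_t copy[NCOPIES][BLOCK_WORDS]; /* the block as stored on each disk */
    cksum_t  cksum;                      /* kept apart from the data it covers */
    unsigned cksum_errors;               /* copies that failed verification */
    unsigned repaired;                   /* copies rewritten from a good one */
} mirror_t;

/* Write path: compute the checksum once, then store the block on every disk. */
static void mirror_write(mirror_t *m, const uint32_t *data)
{
    m->cksum = fletcher4(data, BLOCK_WORDS);
    for (int i = 0; i < NCOPIES; i++)
        memcpy(m->copy[i], data, sizeof m->copy[i]);
}

/* Read path: recompute the checksum of each copy, return data only from a
 * copy that matches, and heal the copies that do not.
 * Returns 0 on success, -1 when no copy matches the stored checksum. */
static int mirror_read(mirror_t *m, uint32_t *out)
{
    int bad[NCOPIES], good = -1;

    for (int i = 0; i < NCOPIES; i++) {
        cksum_t c = fletcher4(m->copy[i], BLOCK_WORDS);
        bad[i] = memcmp(&c, &m->cksum, sizeof c) != 0;
        if (bad[i])
            m->cksum_errors++;
        else if (good < 0)
            good = i;
    }
    if (good < 0)
        return -1;                    /* no redundancy left: report the error */
    for (int i = 0; i < NCOPIES; i++)
        if (bad[i]) {
            memcpy(m->copy[i], m->copy[good], sizeof m->copy[i]);
            m->repaired++;
        }
    memcpy(out, m->copy[good], sizeof m->copy[good]);
    return 0;
}

int main(void)
{
    mirror_t m;
    uint32_t data[BLOCK_WORDS], out[BLOCK_WORDS];

    memset(&m, 0, sizeof m);
    for (uint32_t i = 0; i < BLOCK_WORDS; i++)
        data[i] = 0x1000u + i;        /* constructed block contents */
    mirror_write(&m, data);

    m.copy[0][3] ^= 0x00010000u;      /* silent single-bit corruption on disk 0 */
    int rc = mirror_read(&m, out);
    printf("read rc=%d errors=%u repaired=%u intact=%d\n", rc,
           m.cksum_errors, m.repaired, memcmp(out, data, sizeof data) == 0);

    m.copy[0][0] ^= 1u;               /* now damage both copies */
    m.copy[1][7] ^= 1u;
    printf("read with both copies damaged: rc=%d\n", mirror_read(&m, out));
    return 0;
}
```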


Enable ZFS On FreeBSD 


FreeBSD supports ZFS natively and all you need to do is to add this line to “/etc/rc.conf”
manually:

zfs_enable="YES"

Or with:

# echo 'zfs_enable="YES"' >> /etc/rc.conf


Then start the service:


# service zfs start


A minimum of 4GB of RAM is required for comfortable usage, but individual workloads can vary
widely.


Create First ZFS Pool 


ZFS can work directly with device nodes, but you can also create your own disks with truncate:


# truncate -s 2G disk_1
# truncate -s 2G disk_2
# truncate -s 2G disk_3
# truncate -s 2G disk_4

Then create your own pool and name it storage:


# zpool create storage /root/disk_1 /root/disk_2 /root/disk_3 /root/disk_4


# zpool list


As you can see we have 7.94G storage. This pool is not taking advantage of any ZFS features.


Compression Property

To create a dataset on this pool with compression enabled:

# zfs create storage/myfolder
# zfs set compression=gzip storage/myfolder


It is now possible to see the data and space utilization by issuing df:


storage             7.7G    23K    7.7G     0%    /storage
storage/myfolder    7.7G    23K    7.7G     0%    /storage/myfolder


You can disable compression with:

# zfs set compression=off storage/myfolder


Copies Property

If you have something important, you can keep more copies of it:


# zfs create storage/archive
# zfs set copies=2 storage/archive


To destroy the file systems and then destroy the pool as it is no longer needed:


# zfs destroy storage/myfolder
# zfs destroy storage/archive
# zpool destroy storage


# zpool set autoexpand=on mypool


RaidZ, Snapshot, and Rollback 


RAID-Z is a variation on RAID-5 that allows for better distribution of parity and eliminates
the "RAID-5" write hole (in which data and parity become inconsistent after a power loss).
Data and parity are striped across all disks within a raidz group.


Try creating a file system snapshot which can be rolled back later:


# zfs snapshot storage/myfolder@now

You can restore to the created snapshot with:

# zfs rollback storage/myfolder@now


Also, you can list all ZFS datasets and snapshots:


# zfs list -t all


Zpool Status 


A pool's health status is described by one of 
three states: 


- online (all devices operating normally)

- degraded (one or more devices have failed, but the data is still available due to a redundant
  configuration)

- faulted (corrupted metadata, or one or more faulted devices, and insufficient replicas to
  continue functioning)


You can get pool status by:


# zpool status


Hot Spares


ZFS allows devices to be associated with pools 
as "hot spares". These devices are not actively 
used in the pool, but when an active device fails, 
it is automatically replaced by a hot spare. To 
create a pool with hot spares, specify a "spare" 
vdev with any number of devices. 

In the example, we have a raidz consisting of 4 disks and 1 backup disk.


# zpool create storage raidz /root/disk_1 /root/disk_2 /root/disk_3 /root/disk_4 spare /root/disk_5


Share ZFS With NFS 


ZFS supports NFS natively and you can share pools in a network.


Add these lines to “/etc/rc.conf”:

rpcbind_enable="YES"
mountd_flags="-r"
nfs_server_enable="YES"
mountd_enable="YES"

Then issue this command:

# zfs set sharenfs=on storage/myfolder


The showmount command will list the NFS export list:


# showmount -e


Monitoring ZFS Storage


With the ZFS built-in monitoring system, you can view pool I/O statistics in real time. It
shows the amount of free and used space in the pool, read and write operations per second,
and I/O bandwidth.


By issuing this command, the status will be shown every 1 second:


# zpool iostat 1


Conclusion 


ZFS combines the roles of volume manager and file system with unique advantages. It is aware
of the underlying structure of the disks, can detect low-level interrupts, and provides a RAID
mechanism.


Useful Links 


https://www.freebsd.org/doc/handbook/zfs.html

https://docs.oracle.com/cd/E23824_01/html/821-1448/gayne.html

https://blogs.oracle.com/roch/nfs-and-zfs,-a-fine-combination

https://www.freebsd.org/doc/handbook/zfs-term.html

https://www.freebsd.org/doc/handbook/zfs-zpool.html

https://www.freebsd.org/doc/en/books/faq/all-about-zfs.html

LLVM and Sanitizers in BSD


LLVM and the clang frontend are available on various BSDs, as the main compiler for FreeBSD
x86, ppc and arm since 10.x (it was fully optional in the previous 9.x branch), OpenBSD
x86 and arm since 6.2, and NetBSD x86, arm, ppc and sparc64. LLVM provides the frontends
and various tools, and on the other side of the spectrum, there are different types of
sanitizers to help with debugging applications.


What you will learn:

- What the available sanitizers and tools are
- Their availability and working state for each BSD

What you need to know:

- Basic knowledge of LLVM usage with any frontend
- Experience in debugging with a language using the LLVM infrastructure


LLVM is mainly used via its frontends to generate LLVM bytecode, which is eventually compiled to
native binary format. It also comes with an (optional) set of tools, from static code analysis,
a code formatter (clang-format), an LLVM IR “interpreter” (lli), and LLVM bytecode quality
measuring (llvm-mca) to the sanitizers suite (a subset of which is used by gcc), which we are
going to focus on in this article.


The sanitizers are capable of detecting bugs at runtime that are not predictable when compiling.
What if a buffer has a constant size but the program allows writing from user entry without
size checking?
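
The question above, worked as an added example (not code from the article or from LLVM): a toy C model of the shadow-byte check that Address Sanitizer applies to a 5-byte stack buffer, together with the bounded copy the unchecked program lacks. The 64-byte frame, the buffer position at offset 32 and all function names are constructed for illustration; 0xf1 and 0xf3 are the values ASan uses for stack left and right redzones.

```c
/* Added example: a toy model of the shadow-byte check behind an
 * AddressSanitizer stack-buffer-overflow report. The frame layout, sizes and
 * helper names are constructed for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GRANULE     8                 /* one shadow byte covers 8 application bytes */
#define FRAME_SIZE  64                /* constructed stack frame */
#define NSHADOW     (FRAME_SIZE / GRANULE)
#define LEFT_RZ     ((int8_t)-15)     /* 0xf1: stack left redzone  */
#define RIGHT_RZ    ((int8_t)-13)     /* 0xf3: stack right redzone */

static int8_t shadow[NSHADOW];

/* Describe a frame holding one object at [start, start + len); start is
 * 8-byte aligned. Everything else in the frame is redzone. */
static void frame_layout(size_t start, size_t len)
{
    size_t g = start / GRANULE;

    for (size_t i = 0; i < NSHADOW; i++)
        shadow[i] = (i < g) ? LEFT_RZ : RIGHT_RZ;
    for (; len >= GRANULE; len -= GRANULE)
        shadow[g++] = 0;              /* all 8 bytes addressable */
    if (len > 0)
        shadow[g] = (int8_t)len;      /* only the first len bytes addressable */
}

/* The per-access check: size is 1, 2, 4 or 8 and the access does not cross a
 * granule. Shadow value 0 means fully addressable, 1..7 means that many
 * leading bytes are addressable, and negative values are redzones.
 * Returns 1 when the access would be reported. */
static int access_is_bad(size_t off, size_t size)
{
    int8_t k = shadow[off / GRANULE];

    return k != 0 && (int)(off % GRANULE + size - 1) >= k;
}

/* Byte-wise check of a longer write, as done for string copies. Returns the
 * frame offset of the first bad byte, or -1 when the whole range is valid. */
static long first_bad_offset(size_t off, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (access_is_bad(off + i, 1))
            return (long)(off + i);
    return -1;
}

/* The size check the unchecked program lacks: refuse input that does not fit,
 * terminator included. Returns 0 on success, -1 when src is too long. */
static int copy_checked(char *dst, size_t dstsize, const char *src)
{
    size_t need = strlen(src) + 1;

    if (need > dstsize)
        return -1;
    memcpy(dst, src, need);
    return 0;
}

int main(void)
{
    char p[5];
    const char *input = "12345";      /* constructed user entry: 5 chars + NUL */

    frame_layout(32, sizeof p);       /* 'p' occupies [32, 37) of the frame */
    printf("shadow byte for p: %02x\n", (unsigned)(uint8_t)shadow[4]);
    printf("first bad offset for a %zu-byte write: %ld\n",
           strlen(input) + 1, first_bad_offset(32, strlen(input) + 1));
    printf("copy_checked: %d\n", copy_checked(p, sizeof p, input));
    return 0;
}
```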


Address Sanitizer


This sanitizer (aka asan) detects memory usage errors at run-time; to summarize, dangling pointer
usage or buffer boundary issues. The flag to pass is -fsanitize=address.

For a basic example:


The above code will generate the report which is shown in Figure 1.


Figure 1. The report (AddressSanitizer stack-buffer-overflow, excerpt):

    This frame has 1 object(s):
        [32, 37) 'p' <== Memory access at offset 37 overflows this variable
    HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
          (longjmp and C++ exceptions *are* supported)
    SUMMARY: AddressSanitizer: stack-buffer-overflow
    Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07


We can see the fifth character, ‘5’, out of the boundaries.

And this code:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hands back, through ptr, a pointer to a buffer that is already freed. */
void test(char **ptr)
{
    char *p = malloc(5);
    strcpy(p, "abcd");
    free(p);
    *ptr = p;
}

int main(int argc, char **argv)
{
    char *p;
    test(&p);
    printf("%s\n", p);    /* reads the freed buffer */
    return 0;
}


gives the output which can be seen in Figure 2.


Figure 2. The output (AddressSanitizer heap-use-after-free, excerpt):

    ==896==ERROR: AddressSanitizer: heap-use-after-free
    freed by thread T0 here:
    previously allocated by thread T0 here:
    SUMMARY: AddressSanitizer: heap-use-after-free


Here we see the attempt to use the 5 bytes allocated and freed earlier.


Supported by: FreeBSD and NetBSD


Memory Sanitizer

This sanitizer (aka msan) is mainly used to detect uninitialized values when there is an attempt
to use them. For example, this code

#include <stdio.h>
#include <stdlib.h>

int main(int argc, char **argv)
{
    int *arr = (int *)malloc(sizeof(*arr) * 10);

    if (arr[argc])        /* arr was never initialized */
        printf("%d\n", arr[argc]);
    free(arr);
    return 0;
}


will give an output (see Figure 3) highlighting the use of the uninitialized array item.


Figure 3. The use of the uninitialized array:

    MemorySanitizer: use-of-uninitialized-value (/usr/home/dcarlier/a.out+0x5a308)


Supported by: FreeBSD (from clang 7) and NetBSD


Thread Sanitizer

This sanitizer (aka tsan) is mainly used to detect race conditions in a multi-threaded context,
which are usually quite an edgy sort of bug to solve. The impact in terms of performance is more
noticeable than with the rest of the sanitizers, so it is delicate to use in production code.

#include <pthread.h>
#include <stdio.h>

static int a = 12;

/* Both threads update the global without any synchronization. */
void *changeA(void *arg)
{
    a += *(int *)arg;
    printf("a is %d\n", a);
    return 0;
}

int main(int argc, char **argv)
{
    pthread_t pt[2];
    int c1 = 13;
    int c2 = 15;

    pthread_create(&pt[0], NULL, changeA, (void *)&c1);
    pthread_create(&pt[1], NULL, changeA, (void *)&c2);
    pthread_join(pt[0], NULL);
    pthread_join(pt[1], NULL);
    return 0;
}

Again, this code would not cause any visible issue. But with the sanitizer instrumentation, the data race on the global is detected. See Figure 4.

Supported by: FreeBSD and NetBSD

Undefined Behavior Sanitizer

The role of the Undefined Behavior Sanitizer (aka ubsan) is to detect subtle undefined behavior bugs such as integer overflow, division by zero, and invalid bit shift operations (a typical case being a signed type shifted as if it were unsigned). Ubsan is often used in conjunction with other sanitizers like asan, msan or tsan.

For example, let's try a classic integer overflow:


SUMMARY: ThreadSanitizer: data race /home/dcarlier/llvm/projects/compiler-rt/lib/tsan/rtl/tsan_dense_alloc.h:108

Figure 4. The data race with the global


Which will give the following output with this generic flag -fsanitize=undefined. See Figure 5.

Since it's not a dynamic value, modern compilers can detect such overflow. Another example of ubsan usage, for C++ only, is to check if the internal pointer to the vtable of a given class instance really points to the right function pointers. For example, with the flag -fsanitize=vptr, this code, which would not trigger any apparent fault in a normal situation,

#include <string>

class A {
    char m[5];
    virtual void virt() = 0;
public:
    char *getM() { return m; }
};

class B : public A {
    int i;
    void virt() { i = 0; }
public:
    int getI() { return i; }
};

int main(void)
{
    unsigned char *p = new unsigned char[sizeof(B)];
    B *pB = (B *)p;
    pB->getM();
    pB->getI();
    delete[] p;
    return 0;
}

will display the following output, where the allocated pointer is not a proper B class instance. See Figure 6.


a.cc:21:7: member call on address 0x000801c1f020 which does not point to an object of type 'A'
0x000801c1f020: object has invalid vptr
a.cc:7:25: member access within address 0x000801c1f020 which does not point to an object of type 'A'
0x000801c1f020: object has invalid vptr
a.cc:22:7: member call on address 0x000801c1f020 which does not point to an object of type 'B'
0x000801c1f020: object has invalid vptr
a.cc:14:23: member access within address 0x000801c1f020 which does not point to an object of type 'B'
0x000801c1f020: object has invalid vptr

Figure 6. The output, where the allocated pointer is not a proper B class instance

Supported by: FreeBSD, OpenBSD (from clang 7) and NetBSD


Leak Sanitizer 


As its name suggests, it detects 
memory/resource leaks. 


Supported by: At the moment, only a NetBSD 
support is planned by the NetBSD foundation. 


SafeStack 


SafeStack protects the software against stack overflows without a noticeable performance hit. It is more useful for systems without such protection originally.

The flag to pass in order to enable it is: -fsanitize=safe-stack

Therefore, a simple program that would function somehow in normal conditions

#include <string.h>

int main(int argc, char **argv)
{
    char p[1];  /* array size hard to read in the scanned listing; 1 assumed */
    strcpy(p, "abcdefghi");
    return 0;
}

will simply provoke a segmentation fault.


Supported by: FreeBSD and NetBSD 
X-ray instrumentation

This feature allows getting accurate function call tracing, giving the opportunity to inspect the bottlenecks without significant performance impact, so it can be used in production at the same time.

With this code, we can use attributes to define which functions are instrumented and which are not, for example to check the ones suspected of being bottlenecks in terms of performance and to skip the ones we are sure are not.

#include <unistd.h>

static int global = 0;

void always_instrument(int)
    __attribute__((xray_always_instrument));

void never_instrument(int)
    __attribute__((xray_never_instrument));

void reset()
    __attribute__((xray_never_instrument));

void always_instrument(int a)
{
    global += 1;
    sleep(3);
}

void never_instrument(int a)
{
    global += 1;
    sleep(3);
}

void reset()
{
    global = 0;
}

int main()
{
    for (int i = 0; i < 3; i++) {
        always_instrument(i);
        never_instrument(i);
    }
    reset();
    return 0;
}

Here, we generate the trace of our application to check which parts of the code count in the total time spent (by default, the trace is not generated). See Figure 7.

[dcarlier@freebsdvbox ~/llvmbuild]$ XRAY_OPTIONS="xray_mode=xray-basic verbosity=1" ./a.out
==64904==XRay: Log file in 'xray-log.a.out.LNEIHP'
==64904==Skipping buffer for TID: 100548; Fd = 3; Offset
==64904==Cleaned up log for TID: 100548

Figure 7. The trace is not generated

Since our never_instrument and reset functions are not instrumented on purpose, the delta with main (instrumented by default) appears clearly. See Figure 8.

[dcarlier@freebsdvbox ~/llvmbuild]$ bin/llvm-xray account xray-log.a.out.KKQSXv -sortorder=dsc -instr_map ./a.out
Functions with latencies: 2
funcid  count  [      min,       med,       90p,       99p,       max]        sum  function
     2      1  [18.211711, 18.211711, 18.211711, 18.211711, 18.211711]  18.211711  xray.cc:27:0: main
     1      3  [ 3.005904,  3.015083,  3.078129,  3.078129,  3.078129]   9.099116  xray.cc:16:0: always_instrument(int)

Figure 8. The delta with main (instrumented by default) appears clearly

Supported by: FreeBSD (from clang 7), OpenBSD (from clang 7), and NetBSD

Fuzzer

Fuzzing, in general, is a very useful software testing technique based on giving random data (called corpus) to the software or library in question.

From the LLVM standpoint, there is a possibility to build a binary to be used for fuzzing. First, we need to define the LLVMFuzzerTestOneInput C function (the main entry point is already defined) as:

int LLVMFuzzerTestOneInput(const uint8_t *input, size_t inputlen)
{
    <exploiting input>
    return 0;
}
Usually, libFuzzer is used in conjunction with a sanitizer to spot possible bugs, the ones we mentioned earlier, in the process. Therefore, like libFuzzer, ubsan, msan, asan and tsan support parallel jobs.

#include <sys/types.h>
#include <string.h>
#include <stdint.h>

void myLibraryCall(const char *);

extern "C" int
LLVMFuzzerTestOneInput(const uint8_t *input, size_t inputlen)
{
    myLibraryCall((const char *)input);
    return 0;
}

void myLibraryCall(const char *data)
{
    static char buf[10];  /* buffer size illegible in the scanned listing; 10 assumed */
    strcpy(buf, data);
}

Let's compile this with these flags: -fsanitize=fuzzer,address

So we have a corpus data containing an element to trigger the buffer overflow. See Figure 9 and 10.

Seed: 2667175539
Loaded 1 modules (2 inline 8-bit counters): 2 [0x669df0, 0x669df2),
Loaded 1 PC tables (2 PCs): 2 [0x45b078,0x45b098),
5 files found in ../corpus/
-max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
seed corpus: files: 5 min: 1b max: 12b total: 24b rss: 31Mb
INITED cov: 2 ft: 2 corp: 1/1b lim: 4 exec/s: 0 rss: 31Mb
DONE cov: 2 ft: 2 corp: 1/1b lim: 4 exec/s: 0 rss: 31Mb

Figure 9. A corpus data containing an element to trigger the buffer overflow

SUMMARY: AddressSanitizer: heap-buffer-overflow (/tmp/a.out+0x4e5f2b) in __interceptor_strcpy.part.245

Figure 10. A corpus data containing an element to trigger the buffer overflow

Supported by: FreeBSD (from clang 7), OpenBSD (from clang 7) and NetBSD
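
libFuzzer inputs are not NUL-terminated, so strcpy() on them can read past the input as well as write past the destination buffer. The following is an added example, not code from the article: a bounded variant of the library call with a harness that checks its invariants on every input. The names my_library_call_checked and BUF_SIZE are hypothetical, and the buffer size is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 10 /* assumption: illustrative destination size */

/*
 * Hypothetical hardened counterpart of myLibraryCall(): stores at most
 * dstlen - 1 bytes and never reads past data + len.
 * Returns the number of bytes stored, or -1 when the input does not fit
 * (dst is then left as an empty string rather than a truncated one).
 */
int my_library_call_checked(char *dst, size_t dstlen,
                            const uint8_t *data, size_t len)
{
    const uint8_t *nul;
    size_t n;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (data == NULL)
        return len == 0 ? 0 : -1;

    /* Logical string length: stop at the first NUL, but only inside the input. */
    nul = memchr(data, '\0', len);
    n = nul != NULL ? (size_t)(nul - data) : len;

    if (n >= dstlen)
        return -1;              /* reject instead of overflowing or truncating */
    memcpy(dst, data, n);
    dst[n] = '\0';
    return (int)n;
}

/* Fuzz target: build with -fsanitize=fuzzer,address as in the article. */
int LLVMFuzzerTestOneInput(const uint8_t *input, size_t inputlen)
{
    static char buf[BUF_SIZE];
    int n = my_library_call_checked(buf, sizeof(buf), input, inputlen);

    /* Invariants checked on every input: length bound and termination. */
    if (n >= (int)sizeof(buf))
        abort();
    if (buf[n < 0 ? 0 : n] != '\0')
        abort();
    return 0;
}
```

With this target, oversized corpus entries are rejected by the length check, so a sanitizer report from the same corpus points at a remaining bug rather than at the copy itself.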


Development 


Various FreeBSD developers/contributors had done most of the work for FreeBSD. I personally ported libFuzzer, msan, and X-Ray instrumentation.

For NetBSD, mainly kamil from the NetBSD foundation.

For OpenBSD, I ported ubsan, libFuzzer, and X-ray instrumentation.

Conclusion

The sanitizers are definitely useful within a developer's toolset, whether it's for professional purpose or as BSD contribution to detecting subtle bugs exhaustively in the userland. The support varies; while the BSD, NetBSD, and FreeBSD support most of the features, OpenBSD only supports a subset of the features, but always under active development.
Device Driver Development

C Programming, UNIX and Main Data Structures

Nowadays, UNIX stands more as a model for an operating system to follow rather than an operating system implementation. In the beginning, UNIX as a software was originally written at Bell Labs by two famous developers: Kenneth Thompson and Dennis Ritchie.

In 1963, Bell Labs and other companies joined to create a new operating system with the following requirements:

• Multi-user
• Be multi-tasking
• Be capable of storing and sharing data and programs on a large scale
• Allow data sharing among users and groups

This project/system was called MULTICS. It was developed on a GE-645 but in 1969, MULTICS was still not a fully working operating system. Other companies have continued the MULTICS development but Bell Labs, not seeing much future in this project, decided to quit.

During that time, some developers within Bell Labs were frustrated with the decision to quit and started developing a simpler MULTICS version themselves.


Actually, Kenneth Thompson was tired of trying to play 'Space Travel' in MULTICS. Space Travel was a simulation game he originally wrote for MULTICS. However, the operating system was not really able to run that game well. Still in 1969, facing the MULTICS execution problems, Thompson decided to port Space Travel to another unused computer in his laboratory, a PDP-7. Having developed tons of workarounds to make the game execution possible, this porting effort quickly became an entire operating system, fully written in PDP-7 assembly.

In order to convince the company managers about how serious the project was, it was presented as a future text editor; later, it evolved to a general-purpose operating system, named UNIX.

Several technologies were developed as support for the UNIX project. The most important was the C programming language, developed by Dennis Ritchie.

C was developed as an evolution of Thompson's B language. UNIX was totally re-written in C and it was released as a commercial operating system. C allowed UNIX to be developed in a more portable way with regard to other computer architectures. The portability introduced by the C language was a seminal step in the computing field as a whole.


The name ‘UNIX’ is just a pun on the name 
‘MULTICS’. 
The features and fruits of UNIX

The interesting thing about UNIX is that its source code was used in Operating System classes until the code was closed by AT&T. If you are interested in looking at the original UNIX source code developed by Thompson & Ritchie (UNIX V6), search for the book: "Lions' commentary on UNIX 6th Edition, with source code" (ISBN 1-57398-013-7). The book was organized by professor John Lions as a study aid for his students. The book has the complete UNIX V6 code listing and sections where Lions discusses all system parts, explaining the code.


Around the world, many operating system 
developers have debuted in this field reading 
those notes from professor Lions. 


When UNIX was closed and its source code 
could not be used in classes anymore, another 
college professor, Andrew Stuart Tanenbaum, 
decided to create the MINIX project. MINIX 
would become one of the first efforts of creating 
a UNIX-like operating system without the original 
source code from Bell Labs. Also, one of the 
most famous books about Operating Systems 
widely used in many Computer Science classes 
until today originated from the MINIX project. 
The MINIX development is still active. Currently, 
MINIX is licensed under BSD. 


The first BSD versions were branches of the 
original UNIX. At present, any “BSD” system can 
be considered a derivative of the original UNIX 
ancestor. 


Linux is another famous modern UNIX-like, but its development started in the 90s, and it does not have any code from the original UNIX.


User programs can be easily ported from one UNIX-like to another. The sharing between all those UNIX-like systems is only possible because all of them follow an important document called Single Unix Specification (http://opengroup.org/unix). This document summarizes what an operating system must implement to be considered a UNIX-like.

The Single Unix Specification is composed of three documents: ANSI C, XPG4, and POSIX.

The ANSI C is about the standard for the C language implementation, including syntax, libraries and other features. The XPG4 is about standards for X server, the graphical UNIX interface. The POSIX document lists all system calls and signals that a UNIX-like must implement.

How internally a UNIX-like works does not matter for the Single Unix Specification, but how this UNIX-like externally reacts and replies is very important. It defines if the system can be considered a UNIX-like or not. Due to it, maybe POSIX could be considered the most important document in the whole standard.

The POSIX signals and system calls

The POSIX standard defines 31 signals. Those signals must be implemented by a UNIX-like. Table 1 lists more details about each of them.

Signals are important because the system uses them to manage its processes. Processes are able to send and receive signals.

Table 1: The POSIX signals.

Signal      Description
SIGHUP
SIGILL      Illegal instruction
SIGTRAP     Trace/breakpoint trap
SIGABRT     Process abort signal
SIGIOT      Process abort signal (PDP-11)
SIGUNUSED
SIGUSR1
SIGSEGV     Invalid memory
SIGUSR2     User-defined signal 2
SIGPIPE     Write on a pipe with no one to read it (broken pipe)
SIGALRM     (can be ignored)
SIGCHLD     Child process terminated, stopped, or continued
SIGCONT     Continue executing, if stopped
SIGSTOP     Stop executing (cannot be caught or ignored)
SIGTSTP     Terminal stop signal
In addition to the standard signals, there are several system calls. Some of them are related to the file system (open, read, and write), time utilities (gettimeofday), networking (send, recv, accept), etc.

As you can see, some system call names are also used to name functions inside the standard C library. These C library functions are directly related to those system calls, but the standard C library only implements the user side of them. Those C functions are only tiny windows to the true system calls.


A brief overview of C language 


C is a powerful procedural language created by Dennis Ritchie at Bell Labs to simplify the UNIX development. One of the most impressive concepts introduced by the C language was the notion of portability.

Functionalities like the unary operator "sizeof" and the C pre-processor made the process of porting software easier than before.

Although at first glance it was developed as support technology for the UNIX project, the use of C has gone beyond the UNIX frontiers and C has proved to be a very successful programming language. Even nowadays, despite the advent of more modern and "friendly" programming languages, there are still tons of legacy and new software being maintained and developed in C.


The compilation process of a C program can be 
divided into 3 main phases: Pre-processing, 
Compiling and Linking. 


The pre-processing phase is performed by the C 
pre-processor software. This program handles all 
defined macro stuff and the compiler directives. 


The compiling phase is managed by the C compiler itself. It parses the source code seeking to verify all data, aborting when some lexical or syntax error is found.

The linking is done by the linker program. This software will properly generate the executable code.

The C language is surprisingly powerful and compact. The basic data types include int, long, short, char, float and double. It is also possible to use these types with unsigned values. In this case, the type name must be prefixed by the reserved word "unsigned". It is also possible to use some extensions of some types such as "long long", etc.

User-defined types are also allowed; in this case, the reserved word "typedef" is used for doing it.

One of the most powerful features in the C language is pointers. Pointers, as the name suggests, instead of directly storing data, point indirectly to the data: a pointer stores the memory address where some data is.

The memory management is all up to the developer. For beginners, it makes C a little bit hard. Anyway, programming in C is valuable for any student who really wants to know how their system works.

Since this course assumes C Programming skills as a pre-requisite, more details about the core of the language will not be given.

Nonetheless, if you have problems with pointers, structs, how to implement classical data structures in C, basic flow control statements, ANSI C functions, function pointers, or a more advanced C macro usage, I would suggest you study the C language more deeply before starting this course.


Main Data Structures 
As any software, operating systems take 


advantage of many data structures to store and 
manipulate relevant data. 


There are two main data structures widely used: Queues and stacks.

Queues

Queues store data in the way its name suggests: the current piece of data is stored after the last stored piece of data. When some data needs to be removed, the older data is always removed first. Due to this behavior, queues are also known by the acronym FIFO (First In First Out).


Stacks 


Stacks also handle data as its name suggests: 
the data is stacked. When some data is 
removed, the newer data is removed before the 
older. This behavior is explained by the acronym 
LIFO (Last In First Out). 


Figure 1. A list item (with an indirection to another item)


Lists 


Lists are a generalization of queues and stacks. 
There are many implementations of lists: singly 
linked, doubly linked. The data handling in this 
kind of data structure is more loose. New data 
can be added at any point in the list and the data 
can be removed irrespective of its position in the 
list. 


Depending on the list type (singly, doubly linked), 
some operations will be easier than others. 
Anyway, this freedom of editing the data is 
achieved by taking advantages of pointers. 


Usually, a list item is composed of a data 
payload and a pointer. The set of many items 
pointing to other items compose the whole list. 
Figure 1 illustrates the general idea of a list item. 


A singly linked list item just points to its next item. When there is no next item, the pointer is null. Figure 2 illustrates a singly linked list.


A doubly linked list item points to its next item 
but also points to its prior item. When there is no 
next or prior items, the related pointers are set to 
null. Figure 3 illustrates a doubly linked list. 


Trees 


Trees can be understood as a multi-level linked 
list. In this case, the data payload of the list item 
also counts with a sub-indirection used to point 
to several sub-lists with the same behavior 
adopted by the main list. In other words, it is just 
a mirrored structure. Usually, recursive 
algorithms should be implemented to handle 
data in a tree structure. 


Figure 2. A singly linked list


How those data structures can be 
expressed in C 


Data structures can be expressed in C using the 
reserved word “struct”. Indirections can be 
implemented as pointers to the structure itself: 


struct list_item {
    void *data;                 /* data payload */
    size_t data_size;           /* payload size in bytes */
    struct list_item *next;     /* indirection to the next item */
};


FreeBSD and NetBSD implement native utilities 
for list handling. To use those utilities is 
considered a best practice because the code is 
stable, optimized and mitigates the insertion of 
new bugs related to such basic operations. 
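
As an added example (not from the article), the list below uses the queue(3) macros from <sys/queue.h>, assumed here to be the native utilities the text refers to; struct item and the list_* helpers are hypothetical names. The same doubly linked list behaves as a queue (FIFO) or as a stack (LIFO) depending on which end receives new items.

```c
#include <stdlib.h>
#include <sys/queue.h>

/* One list item: a data payload plus the links to its neighbours. */
struct item {
    int value;                  /* data payload */
    TAILQ_ENTRY(item) link;     /* next/previous indirections */
};

/* Declares struct item_list, the list head type. */
TAILQ_HEAD(item_list, item);

static struct item *item_new(int value)
{
    struct item *it = calloc(1, sizeof(*it));

    if (it != NULL)
        it->value = value;
    return it;
}

/* Append at the tail. Returns 0 on success, -1 if allocation fails. */
int list_push_back(struct item_list *l, int value)
{
    struct item *it = item_new(value);

    if (it == NULL)
        return -1;
    TAILQ_INSERT_TAIL(l, it, link);
    return 0;
}

/* Insert at the head. Returns 0 on success, -1 if allocation fails. */
int list_push_front(struct item_list *l, int value)
{
    struct item *it = item_new(value);

    if (it == NULL)
        return -1;
    TAILQ_INSERT_HEAD(l, it, link);
    return 0;
}

/* Remove the head item. Returns 0 and stores its value, or -1 if empty. */
int list_pop_front(struct item_list *l, int *out)
{
    struct item *it = TAILQ_FIRST(l);

    if (it == NULL)
        return -1;
    TAILQ_REMOVE(l, it, link);
    *out = it->value;
    free(it);
    return 0;
}
```

Pairing list_push_back with list_pop_front gives FIFO order; pairing list_push_front with list_pop_front gives LIFO order. The list head must be set up with TAILQ_INIT before first use.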


Figure 3. A doubly linked list 


Conclusions 


UNIX initially was a commercial operating 
system. 


The C Language was primarily developed to 
make easier UNIX ports. However, the design 
behind C, which is focused on a compact 
programming language specification and a 
programming language that does not limit the 
developer, has made the C language a good 
choice for several real world software projects. C 
has a large influence on many modern 
programming languages too. 


College teachers had been using UNIX in their 
classes until the operating system had its source 
code closed. 


The copyright barriers imposed by Bell Labs in the 70s pushed people to create important and amazing UNIX-like versions. Seminal books were written and projects were created since then. Nowadays, we have UNIX-like systems running not only in servers but also in your beloved smartphones, routers, IoT devices, etc. There is no doubt that the UNIX philosophy has been a huge success.


Even being a proprietary operating system, UNIX 
shares an important standard called Single Unix 
Specification. This document makes possible the 
interaction of different UNIX-like families, 
including the interchanging of programs and 
programming libraries. 


The Single Unix Specification is basically 
composed of three documents: ANSI C, XPG4, 
and POSIX. 


As suggested by the name, the ANSI C standard 
is related to the main UNIX programming 
language. Due to it, the ANSI C must be followed 
as much as possible when writing programs that 
must run in several UNIX implementations. In this 
way, portability will be easier. Even with non 
UNIX-like systems, usually the operating system 
has a minimal C library normally based on the 
standard C library. This gives us an important tip: code considering ANSI C from the beginning and you will never be sorry.

XPG4 is the standard related to the X server and graphical UNIX parts.


POSIX is perhaps the most important standard 
of the three. It defines the standard signals sent 
and received by the processes and the standard 
system calls. Any good UNIX-like system must 
be POSIX compliant. 


Stacks and Queues are the most common data 
structures present in computing. 


Lists can be understood as a generalization of 
the ideas introduced by queues and stacks. 


Programmatically, a tree can be understood as a 
multi-level list. 


FreeBSD and NetBSD feature standard utilities for implementing list-typed data.


Note 


You can learn more about Device Driver Development by 
joining our online course on bsdmag.org 


Meet the Author 


Rafael Santiago de Souza Netto is a Computer 
Scientist from Brazil. He has been working as 
software developer since 2000. He usually 
contributes writing software for Computer 
Science research groups from Brazil. He has 
about 19 years of experience in C programming. 
His main areas of interest are Programming, 
Computer Networks, Operating Systems, UNIX 
culture, Compilers, Cryptography, Information 
Security and Social Coding. In his spare time he 
likes to continue writing code but also articles 
(talking about code) for BSD Magazine, 2600 
among other publications. 
Self Exposure


Monitoring OpenBSD using 
CollectD, InfluxDB, and 
Grafana 


In a “get pretty graphs” mood, I’m looking at what can be done regarding OpenBSD 
monitoring using the CollectD collector and Grafana dashboard renderer. OpenBSD 
6.2-current provides InfluxDB and Grafana packages. A great stack for pretty reportings. 


Host the data 


System metrics will be stored in InfluxDB because it can be used as a Grafana source. The installation and configuration is straightforward. The key thing is to enable the collectd protocol.

# pkg_add influxdb
# vi /etc/influxdb/influxdb.conf
(...)
[[collectd]]
  enabled = true
  bind-address = ":25826"
  database = "collectd"
  retention-policy = ""
  typesdb = "/usr/local/share/collectd"
(...)
# rcctl enable influxdb
# rcctl start influxdb

Note that this service works using UDP only. Unless I missed something at the time of writing, there is no TCP nor TLS options available.


# netstat -na | grep 25826 
udp 0 0 *.25826 *.* 


Collect the data 


I mostly use CollectD as a metrics collector because it knows about OpenBSD, and can send its data remotely; in this case, to InfluxDB. Enable any required plugins. Don't forget the network one so that data can be sent to InfluxDB.

# pkg_add collectd
# vi /etc/collectd.conf
(...)
<Plugin network>
  <Server "127.0.0.1" "25826">
  </Server>
  ReportStats true
</Plugin>
# rcctl enable collectd
# rcctl start collectd

Render the data 


New in OpenBSD 6.2-current: Grafana is available as a binary package. This will enable pretty graphing using my preferred OS.

# pkg_add grafana
# vi /etc/grafana/config.ini
# rcctl enable grafana
# rcctl start grafana


Browse to http://localhost:3000/ and log in using the default credentials (admin: admin). Those can be 
changed this way http://docs.grafana.org/installation/configuration/#security and from the GUI. 


In Grafana, add the InfluxDB source using the collectd database. 


There are example dashboards available on Grafana’s website. Namely #554, #555 and #755. They will 
nearly work out-of-the-box and can be used as a base to create yours. They seem to be Linux-centric 
but here’s how they look, once slightly modified for OpenBSD. 




I’ve created one from scratch to render the default data collected from my OpenBSD servers. It looks like 
this: 


Should you want to use it, I have made it available online here. 


That’s All Folks! 


I am a 42-year-old techie, and as far as I can remember, there’s always been a computer at home. I 
started using a Thomson MO5 when I was about 10. Then, we had a Macintosh 128K and an SMT 
Goupil G4. Thereafter, we had various 80386, 80486DX2, and Pentium machines running on either DOS 
or Windows OS. I don’t remember precisely but in the early 1990’s, my father brought me a book about 
UNIX, which shipped CDs with Slackware Linux on it. Then he brought a magazine with a CD of 
FreeBSD. And I was attracted by the shell. I have worked as a System Engineer since 1998, sometimes 
as an employee, sometimes as an IT consultant. Since 2008, I evolved a bit and served as an IT 
Architect for various clients. As of 2015, a friend and I started our own company. We’re helping our 
clients to make the most of their IT systems. 


My day-to-day work is to deal with Linux and Windows systems. During my time off, I practice Karate 
and Callisthenics, or play with some OpenBSD instances to host my personal IT services and explore 
things. 


How did you first get involved with programming? What was your path? 


I started programming using Logo and Basic on the Thomson MO5 my father brought home. Then in 
school, I learned Turbo Pascal, and finally, in University, I learned C and JAVA. As a personal interest, I 
learned shell programming on Bash and TCSH. 


Reading your blog, we can see that you have a wide field of expertise. Please tell us which is 
your favourite area? 


I’m not sure if I have a favorite area. I’m more of an Ops than a Dev. And I know more about Systems 
than Networks. But I can do storage, virtualization, email, network services, web stuff, etc. One of my 
strengths is being able to deal with (nearly) any technology. I like to say, « if there’s a shell, there’s a 
way. » 


It seems that OpenBSD is your favorite OS? Why? What features are the best and what do you like 
the most? 


The first reason I opted for OpenBSD, believe it or not, was because of its Puffy mascot. I liked it more 
than the Penguin. Thus, I learned the OS. And I was fascinated by how it is built by developers. It’s 
simple, efficient, and clean. What is supposed to work, « just works ». There was a period when I 
mostly used NetBSD because of its documentation. However, I stopped using it when it started having 
some glitches that OpenBSD didn’t have. Another reason why I like OpenBSD is its six-month release 
cadence. It’s easy to get prepared for OpenBSD upgrades. And you’re not digging for things that 
changed on a chaotic cadence. I like the fact that the base system and the ports are separated, and the 
fact that most of the software can be run and managed from binary packages. No more « wait 6H for 
dependencies to compile ». Lastly, the feature I like most is syspatch(8). In my view, this makes the OS 
production ready for the enterprise. AFAIK, it doesn’t deal with port upgrades yet. But M:Tier’s openup 
does the job at the moment. 


What is the most interesting programming issue you have encountered, and why was it so 
amazing? 


As I said, I’m not a developer. So I have never encountered any real programming issue. But what’s 
impressive is the ability of the OpenBSD Dev community to manage all this software that was not 
designed to be running on OpenBSD. 


What tools do you use most often, and why? 


There’s every likelihood that OpenSSH, ksh, and Vim are among the top five. Other tools I frequently 
use are cat, grep, less, and awk. Those are my day-to-day friends to manage, debug, improve or 
correct IT services. 


In the top 10 list, there would probably also be Word, Excel, and Powerpoint because I have to deal 
with users that don’t read shell. Those are honestly great tools to show off and explain things 
to end-users. 


What was the most difficult and challenging implementation you’ve done so far? Could you give 
us some details? 


The most challenging thing I’ve ever done was building a whole IT system. From racking the servers in 
the datacenter to configuring a complete Active Directory + Exchange + SharePoint environment, while 
still having to set up and manage the EMC SAN and the VMware vSphere infrastructure. We were five 
guys working hard to set up that whole thing for 10 000 users. At that time, I only knew about Linux and 
OpenBSD running on independent servers. Therefore, I had to learn those new technical infrastructure 
layers, and understand how the Microsoft Services worked compared to the Open-Source Software I 
knew. In the end, all went well. It is a great memory. 


Can you tell us about your favourite features in the new releases of your favourite OS? 


Not really. I don’t have any missing feature on my servers. They run in the Cloud, they run in the 
virtualisation system I own. And they work well. Since 6.3, Grafana and the ELK stack are available. 
In fact, they are more stable than the ones I run on some Ubuntu systems. Come to think of it, it’s 
maybe the first time I don’t expect more from OpenBSD. 


Do you have any specific goals for the rest of this year? 


I would like to finish my Grafana dashboards for every service I run on my OpenBSD servers. I would 
also like to find time to switch my WordPress instance from Apache to httpd(8). Further, I need to learn 
about Amazon Web Services and its way to implement Infrastructure as Code (IaC). That’s probably 
my 2018 main goal. 


What’s the best advice you can give to the BSD magazine readers? 


Maybe to just do it with *BSD whenever it's possible. Even in big companies that paid for Microsoft or 
RHEL support, I was able to set up a few OpenBSD boxes: a PF cluster to protect the network, a bunch 
of OpenBSD/OpenSMTPD servers to relay internal emails, and an OAMP farm to publish web 
applications. *BSD is not just for old nerds, hobbyists or SME. It can be used to provide high-quality IT 
services. Hence, it’s important that the World should know about it. 


That’s part of the reason I write articles on my blog. To prove that you can do valuable things with 
OpenBSD. 


Thank you 
Expert Speak by E.G. Nadhan 


From Unconscious Bias to 
Unbiased Consciousness 


A member of the audience attending a panel session on Unconscious Bias accidentally 
referred to the topic as Unbiased Consciousness. Perhaps, it was no accident and was a 
sublime message instead about the world to come — a world where we are consciously 
unbiased rather than being unconsciously biased. However, this utopian world can 
become real only if proactive actions are taken to combat such mindsets that may not be 
in our control. 


What’s the most challenging part of unconscious bias? It is unconscious. You don’t even know that you 
are doing it while you are doing it. Yet the outcomes of your actions will speak for themselves — by 
which time, it might be too late. 


I recently attended this panel session on Unconscious bias and how to make your voice heard, 
organized by SpringCM. I wanted to listen to and learn from the panelists on their first-hand 
experiences being on the receiving end of unconscious bias. During the session, I began thinking about 
the need for action on all fronts to combat this phenomenon. 


The panel was moderated by Heather Christman, the senior director, strategy and development for 
PeopleFoundry, while four distinguished panelists shared their insights: Manika M. Turnbull, Ph.D., VP & 
Chief Diversity Officer at HCSC; Terri Brax, CEO at Women Tech Founders; Michelle Joseph, CEO & 
founder at PeopleFoundry; and Andee Harris, CEO at Highground. 


Insights on unconscious bias 
Here are some realities about bias that surfaced through the various experiences of the panelists: 


- Bias exists because people exist. It is pervasive. 
- Bias is activated without the individual’s control, possibly leading to snap judgments and blind spots. 
- Bias grows over the years in the world around you. 

- Bias is fueled in the comfort zone of working with people like yourself. 

- Bias is expedient — you're just getting the work done. 


- Bias surfaces in unexpected places, such as the words used in job descriptions, and holidays that are 
celebrated within the enterprise. 


- Bias comes across when the gender of the working parent triggers questions about parental 
responsibilities. 


Four ways to fight unconscious bias 


These insights led me to wonder what we can do to consciously combat this unconscious bias. Here 
are some of my thoughts on how we as leaders can fight it: 


1. Groom. Human bias is based upon casual observations. We form opinions based on what we see in 
the world around us resulting in our brains training themselves on repeating phenomena. That is the 
way I have seen it — and therefore, that is the way it ought to be. Today’s workforce needs to have 
balance, for example, including people of different genders, ethnicities, and physical challenges. So 
does the workforce of tomorrow. 


Today’s schoolchildren are tomorrow’s torchbearers and thought leaders. A healthy mix of children from 
upcoming generations must be trained and motivated to engage in STEM projects. 


Combat Force One: Grow the diversity in the future workforce. 


2. Collaborate. While enterprises can take action within their firewalls, unconscious bias is human. 
There are no corporate or regional boundaries for unconscious bias. As one panelist asserted, it is 
pervasive across the extended enterprise. Therefore, it is vital for enterprises to join forces and take 
action. This panel session is a fine example of such collaboration — but collaboration needs to be 
extended to jointly take action across the corporate and the academic worlds. 


Combat Force Two: Corporations can collaborate with academia to change the DNA of the workforce. 


3. Cross-pollinate. Diverse teams must be staffed with people of different mindsets — not just a 
segment of the community. Project teams benefit from input from a wide variety of people. (We have 
heard some CIOs call this bringing “texture” to a problem-solving team. The texture - and 
problem-solving power — of the group increases with the diversity of voices and ideas.) For example, 
the fine panelists for this session (and the moderator) happened to be women who shared great 
insights, triggering a thought-provoking conversation. Cognitive diversity is not about who you are but 
how you think. 


Combat Force Three: Rethink how you construct teams, keeping unconscious bias in mind. 


4. Measure. Subjective conclusions are extremely difficult to measure. How much do I like a person? 
Or not? Quantifiable performance outcomes matter. How is the overall performance of the enterprise 
affected by gender diversity? Evidence (like this McKinsey research on diversity and corporate profits) 
shows the positive impact diversity has on the overall financial performance of an organization. (See 
also what MIT Sloan Professor Thomas Malone’s research says about high-performing teams.) 


However, it is important that outcomes are measured, tracked and communicated at your enterprise — 
to spread the information about the resulting benefits. 


Combat Force Four: Quantify the performance of the enterprise. 


I am sure there are enterprises who are already taking one or more of these steps. Do other solutions 
come to mind? Please let me know. 


Meet the Author 


E.G. Nadhan is the Chief Technology Strategist for the Central Region at Red Hat. He provides thought 
leadership on various concepts including Cloud, Big Data, Analytics and the Internet of Things (IoT) 
through multiple channels including industry conferences, Executive Roundtables as well as customer 
specific Executive Briefing sessions. With 25+ years of experience in the IT industry selling, delivering 
and managing enterprise solutions for global corporations, he works with the executive leadership of 
enterprises to innovatively drive Digital Transformation with a healthy blend of emerging solutions and a 
DevOps mindset. Follow Nadhan on Twitter and LinkedIn. 


Column 


With Facebook attempting to slam the privacy stable 
door well after the horse has bolted, the corporate giant 
has suspended over 200 applications which snarfed 
large amounts of profile data. What does the future hold 
for this global platform? 


Rob Somerville 


I have a certain degree of sympathy for Mark Zuckerberg after being hauled before Congress in light of 
the Cambridge Analytica fiasco. Inevitably, any cutting-edge technology will eventually feel the hot 
breath of the establishment breathing down on it, be it via indirect legislation or as in the case of Mark 
Zuckerberg, in personal appearance before “the powers that be” to give account. 


If I was Mark Zuckerberg, I’d be worried. There is a Shakespearean idiom that fits this scenario 
perfectly - “Hoisted with his own petard” - which means in plain English, to be blown up by your own 
bomb. There can be few Facebook users that are ignorant of the whole sorry story, no doubt spread 
and amplified and echoed via social media. Irrespective of the moral rights or wrongs here, you can be 
assured the accusations surrounding Facebook will at the very least, lead to further government 
regulation, and at worst, to the atrophying of the platform to such a degree that it will be sold off or 
split up, not unlike the fate of IBM and the large US telecommunications companies. Or indeed, both. 
Irritated governments in the media spotlight have a habit of using blunt instruments, and as we well 
know, politicians and lawyers by nature don’t have a good grasp of the fundamental issues surrounding 
IT. 


I don’t think Facebook will suffer enormous censure out of this investigation, they are, after all, an 
American company. The closest I can remember in history of this battle of giants was when lawyer 
Ralph Nader appeared in Congress to testify about automotive safety. His advocacy led to the 
adoption of the 1966 National Traffic and Motor Vehicle Safety Act, which forced car manufacturers 
destined for the US market to equip vehicles with padded instrument panels, seat belts, and reversing 
lights. This forced both the US and foreign manufacturers to take safety seriously, certainly as far as the 
US market was concerned. 


Personally, between fake news, the continuing increase in scandals surrounding child pornography, and 
the focus on “hate speech” on social media platforms, I believe we are very close, or if not actually, 
reaching a tipping point. Big government is getting more interested in big data. We are on treacherous 
territory here, as the Internet is considered the bastion of free speech and expression. The danger here 
is that Mark Zuckerberg has invited a close forensic examination of not only what Facebook is, but also 
what it does, by an establishment that by design can only output a bland consensus. It might end up 
with some common-sense legislation like the 1966 Act, which would be a good thing. It might not, 
however. Facebook undoubtedly needs its wings clipped, and Mark Zuckerberg’s appearance in front 
of Congress will have been a sobering moment for the disrupter CEO. How much, in reality, will this 
carry through to Internet culture is a different matter entirely. 


It is all very well when Facebook shouts from the rooftops the benefits they bring as a social media 
provider. There can be no argument about the blessings they have brought to families, individuals, and 
communities. They have also been responsible for a phenomenal amount of heartache, from the 
spouse who has found out about their cheating partner, to the interview candidate who missed their 
dream job due to a prior HR search. With power, comes responsibility. Playing about with the 
developers API a few years ago confirmed my suspicions. Anyone with some decent kit could harvest 
this data wholesale, and use it for nefarious purposes. Having seen UK supermarkets’ “data power” 
gathered from point of sale datasets and loyalty cards prior to 2000, I shudder to think where Facebook 
rests in 2018. Facebook needs, desperately, to get off the “we are just a provider” fence. Hopefully, 
Facebook might actually be facing some social responsibility and accountability for a change. 


If Facebook wants to make a name for itself, they have a lot to learn. For instance, they might just want 
to, occasionally, not hand data over to law enforcement or intelligence agencies, carte blanche. The UK 
Guardian newspaper went through the surreal act of destroying hard drives with drills and angle 
grinders in the presence of the security services, to protect Edward Snowden. That is data privacy in 
action. Of course, Facebook is not a publisher, just a medium, or so they say. Where do you draw the 
line between community service and private privacy if you are not a journalist? On the balance sheet. 
There will be a bunch of individuals within the organization who understand the importance of the 
trends reflected in the data, and that will be leveraged to maximize the profit. Which is why I don’t agree 
with tax that is applied to carrier bags. I agree that the planet is a precious resource, and we need to 
cut down on plastic. Most carrier bags these days carry a brand logo. Having to pay to advertise for a 
corporate adds insult to injury. The same principle applies to Facebook, it might be free, but there is a 
price to pay. 


Facebook per se is a corporate marketing department’s wet dream. Be friendly, build a community, and 
gather intelligence. Sorry, information. Sell, or leverage this data. Job done. Money made. I have a 
teenage daughter who has pleaded with me not to look at her Twitter feed. My wife, after discovering 
some inappropriate comments on said daughter’s Facebook page, called her to account, and I was in 
full agreement. After reading what was said, I really wish I had listened to my gut feeling and pulled out 
the plug on my daughter’s social media access at an earlier point. The fact my daughter is ashamed to 
share with her father what she types online, says something about the type of disconnect that 
Facebook actively cultivates. I am too much of a gentleman to throw my little weight around, and I am 
waiting for reality to kick in. 


Facebook is now getting into the dating market. The Wall Street index had initially placed their bets on 
FB. The Internet dating agencies’ stock has fallen. So, what’s my advice to isolated IT professionals? 
Make real life friends, develop a real social circle, and your friends will sort it out. Until you hear or see 
someone eat, you don’t get it. You will never get that on Facebook, and if you could, you can still act or 
lie. Currently, said daughter has met her first boyfriend online, and as far as I can tell, he isn’t a 
deadbeat. Where this relationship goes, God only knows. The desire to crack them both on the head 
with the realities of data privacy, potential psychological damage, and realities of life is a constant 
temptation, but they are both from the “plugged in” generation. A few hours without Internet access 
and like heroin addicts going cold turkey, they will be invariably climbing the walls. Books, music, and 
face-to-face interaction are an anathema to them both. 


In reality, Facebook has diversified enough that even if their core platform becomes a pariah, as a 
technology company, it has an exit strategy. The question on everyone's lips is a simple one — 
Facebook may have been a global social media electro-magnet, attracting the iron filings of our lives, 
but where will that data turn up when the power is turned off? 


